FixVibe
FixVibe kapsamındadırcritical

Schneider Electric Modicon M221 Authentication Replay Advisory (CVE-2018-7790)

FixVibe can flag public Modicon M221 HTTP product and firmware-version evidence associated with CVE-2018-7790 as a version-based advisory. The scan does not replay authentication, query industrial protocols, upload PLC programs, or prove unauthorized access.

CVE-2018-7790CWE-294

Schneider Electric and NVD list Modicon M221 controllers running firmware before V1.6.2.0 as affected by CVE-2018-7790, an authentication replay advisory [S1][S2]. A scan result should be treated as firmware and exposure evidence that needs operator validation, not as proof that authentication replay was performed.

Attacker Impact

If an affected controller is reachable from an untrusted network and an attacker can connect under the advisory conditions, replayed authentication sequences may allow unauthorized access that can expose or upload the original PLC program [S1]. Because these controllers can sit near industrial processes, exposed management surfaces should be reviewed urgently even when the scan only sees public HTTP firmware evidence.

Covered by FixVibe

FixVibe reports this issue only when the scanned HTTP response provides target-specific Modicon M221 product evidence together with a firmware version below V1.6.2.0. The finding is a version-based advisory with source quality, confidence, and explicit limits. FixVibe does not capture credentials, replay authentication, query Modbus or other industrial protocols, upload or download PLC programs, or prove unauthorized access.

Remediation

Upgrade Modicon M221 firmware to V1.6.2.0 or later and confirm the running firmware from trusted controller inventory or Schneider-supported tooling [S2]. Remove public access to controller management surfaces, block remote or external access to industrial management ports such as TCP/502, disable unused protocols including programming protocol where possible, restrict access through industrial firewalls, VPN, and segmentation, and review access logs around the evidence time.

Schneider Electric Modicon M221 Authentication Replay Advisory (CVE-2018-7790) — FixVibe research · FixVibe